Channel: Symantec Connect - Blog Entries

Symantec’s New Channel Strategy Charts Course for Successful Partner & Customer Transformation


Last week at our annual North America Partner Engage event, we pulled back the curtain on Symantec’s new Global Channel Strategy and shared how we are changing the way we go to market. We have committed to delivering more than 5 percent organic revenue growth with operating margins better than 30 percent, and we can’t achieve this goal without our partners. I’d like to take this opportunity to share more details about the new Global Channel Strategy and explain how it represents an important step forward in Symantec’s 4.0 journey.

But first, let me take a brief step back to provide some context around how we got to this point. When Steve Bennett, our CEO, joined Symantec over a year ago, he embarked on a global listening tour where partners, customers and employees voiced a need for Symantec to change. He learned that Symantec had great technology and great people, but we needed to do more to help our customers solve their bigger jobs. In addition, our structure, incentives and internal culture were hampering our growth. And while we have great point solutions, we also needed to develop new, integrated products that address important customer needs.

With that, we knew we had to completely revolutionize the way we do business and focus on delivering compelling, integrated, higher-value solutions that solve critical customer jobs better than anyone else. The changes we’re making as a company are reflected within our channel organization – with the goal of making it easier for partners to do business with us, by building partnerships that are more rewarding and by exceeding customer expectations. Here’s a look at the core components of our Global Channel Strategy:

  • We’ve mapped out the playing field for our partners to offer them guidance on where to play and invest to win in the market. We looked at the jobs that our partners are solving for customers, in addition to how they work with our products. We then analyzed our channel ecosystem to determine which partner types would be best suited to deliver the solutions that our customers need, in an optimal way. We are confident that this approach will provide partners with the flexibility to turn investments into more profitable results.  
  • We’re investing in our most committed and capable partners to drive deeper relationships with customers, while leveraging their unique value to help deliver a superior customer experience. Our partners will be recognized and rewarded based on the value they provide. Those who identify new opportunities, demonstrate expertise, close more deals and delight customers will have greater access to partner benefits. Additionally, we’ve re-evaluated our training tools and processes to better enable our partners with skills and capabilities to help address our customers’ most critical needs.
  • We’re making it easier for partners to do business with us, and providing a more predictable and consistent experience to meet changing customer and market demands. We’re collaborating and aligning with our partners on their business objectives to ensure that we are growing our businesses together. We’ve also established clear rules of engagement to ensure more consistent interaction with our partners.
  • We’re committed to building a channel-focused culture that understands, appreciates, and supports our partners’ growth and success – and ultimately the value that they bring to our mutual customers.

We are in the process of building our next generation Partner Program that supports this new strategy. It will help drive partner growth and profitability, while at the same time offering incentives to keep our partners focused in the areas of greatest opportunity. I can confidently say that we are more committed to our partners and distributors than ever before and we are focused on helping our partners solve our customers’ most important jobs together.

The Partner Program will be rolled out in phases starting in 2014 and our strategy will continue to evolve with the ever-changing market demands and business needs of our customers. Our intent is to ensure that we are always investing in the right channels at the right time, while also helping our partners to grow and sustain their business. The end results will be great for our customers and will help to widen the addressable market for ourselves and our partners.  Ultimately – together with our partners – we will make the world a safer place.

 


SMG Architecture (Anti-Spam)


For anyone who wants to know how SMG works, the flow of its architecture is shown below.

 

SMG.png

Backing Up Clearwell eDiscovery


Please take a moment and ensure that your regularly scheduled backups are functioning as planned.

New LiveUpdate Administrator 2.3.2


To keep track of what's new in the 2.x versions:

LUA 2.3.0

2.3.0.71 was the first 2.3 release. This release contains the following enhancements and optimizations:

  • LUA configuration information can be exported to a configuration recovery file.
      ◦ LUA settings and configuration can be restored in the event of a LUA server failure, or used as a template for multiple LUA servers.
  • Failed downloads now have a resume/retry option.
  • Event-driven email notification to notify the user(s) of download/distribution failures.
  • Ability to automatically start a distribution task after a specified download task.
  • Automatic LUA database maintenance.
  • Partially completed download and distribution tasks now show an exact completion percentage in the activity monitor.
  • Quick access to Symantec best-practice recommendations through the installation wizard and the programs menu.
  • Improved load times for the LUA console home page and the event log.

LUA 2.3.1

  • The LUA web server service will restart automatically if it hangs or terminates unexpectedly.
  • LUA will automatically install and use an optimized Java Runtime Environment (version 1.6 update 27).
  • It is now possible for LUA to automatically run several specified distribution tasks after a specified download task completes.
  • New quick link added to the user interface that lets customers quickly and easily capture all LUA-related troubleshooting information and data.
  • New quick links added to the user interface: How to Set Up a Remote Distribution Center (article and video), Product Selection Guide.
  • LUA now installs and uses Apache Tomcat version 7.0.21 and PostgreSQL version 9.0.4.
  • Added the ability for LUA to automatically send a notification email on successful completion of a task (as well as on failure of a task).
  • LUA will now automatically send an email notification when disk space is low on the drive where LUA is installed.
  • The appearance of notification emails has been improved (now HTML-based).
  • Security within the user interface has been enhanced to protect against specific potential attack scenarios.
  • LUA will now periodically send anonymous product information to Symantec (this can be disabled if necessary).

LUA 2.3.2

  • Bundled with Apache Tomcat version 7.0.26 and PostgreSQL version 9.1.3.
  • Bundled with JRE 1.7 (a private JRE, automatically packaged, installed and configured by the LUA installer).
  • Increased security, with enhanced features to protect the user interface from certain attacks.
  • Added the ability to change the LUA download directory path at any time (not only at installation time).
  • The product catalog will now update automatically, so that catalog changes become available without any user-initiated action.
  • Time changes will now be handled correctly for scheduled tasks.
  • Email notifications can be sent whenever a new version of LUA is available, when relevant catalog changes occur, or as advance warning of large monthly content downloads.
  • Content handling improved to ensure that it works reliably even if an external third-party source (for example, robocopy) is also accessing the content.

 

http://www.symantec.com/business/support/index?page=content&id=TECH171578

Move an Index for an Enterprise Vault Archive

In a previous article we discussed how to close off Index Locations in Enterprise Vault 10 in order to stop data being written to them. This prevents disk space usage from growing where those volumes are. The next step might be that you still need to free up some space, so you want to move some index volumes associated with particular archives. In this blog, I'll explain how.
 
The process starts with the Manage Indexes wizard. This can be accessed by right-clicking on the 'Indexing' node in the VAC, launching it from the pop-up menu, and then clicking on 'Change Location':
 
Starting off
 
i1_0.png
This wizard has some great information in it to help you with the process, so if you are not familiar with doing this, or haven't done it in a while, read through it, and even look at the 'More info':
 
i2_0.png
Adding Archives
 
The first thing to do is to add one or more archives. In this example I'm just doing one large (ish) archive.
 
i3_0.png
We can start the process by clicking on 'Add'. A fantastic screen then lets us filter and find the archive(s) that we want to work on.
 
i4_1.png
When you click on OK your selected archives are shown:
 
i6_0.png
 
And you can then move to the next step of the wizard:
 
Choosing the new location
 
I have set up some new locations on an extra disk on my server, and I want to move the index volumes for this particular archive to D:\EVIDX2\Index8, so that's what I select in the wizard:
 
i7_0.png
 
When you move on you are nearly at the end of the wizard, but take note of this page.
 
Additional Settings
 
There are two possibilities -- one is that you have already moved the data, and you then need to select the checkbox shown below, and the other is that you still need to move the data. This time around I've not moved the data, so I'm leaving the selection as is.
 
i8_1.png
Helpful info
 
You are then presented with information on what you need to copy:
 
i9_0.png
And finally the last screen.
 
Wizard Summary
 
This summary page contains the last bit of the steps that you need to follow:
 
i10_0.png
 
And you then click on Create Task to start the process.
 
Monitoring - finishing
 
What you should notice in the monitoring task wizard is that the move of the data is 'waiting'. This means that you have to do the manual step of copying the data.  And then you can right click, like I have, and indicate that you have done the move - this will progress the task:
 
i11_0.png
A minute or so later, and you should see that the task completes with no errors.
 
Testing
 
One of the final tests that I nearly always do is to right-click on the archive in the VAC and do a wildcard search to return all the rows for the index related to the archive. It should work!
 

Ichitaro Vulnerability Successfully Exploited in the Wild

In a previous blog, Symantec reported a new Ichitaro zero-day vulnerability known as the Multiple Ichitaro Products Unspecified Remote Code Execution Vulnerability (CVE-2013-5990). This flaw was being actively exploited in the wild, but the exploit was not working properly and failed to compromise computers. A week after that, we confirmed a working exploit in multiple incidents, one that is actually capable of infecting targeted computers with a back door typically used in targeted attacks. As in the previous attacks, the file used to exploit the vulnerability is a rich text format file that targets the word processing software Ichitaro, developed by Justsystems.
 
In the earlier cases where the exploit was unsuccessful, variants of Backdoor.Vidgrab were planted along with the shell code in the malicious documents. The shell code was never able to drop the back door in our testing environment for these samples. The latest malicious document files come with shell code that drops various types of malware detected as Backdoor.Korplug, Backdoor.Misdat and Trojan Horse, all of which are back door Trojans typically observed in targeted attacks. Backdoor.Korplug has been commonly used in targeted attacks ever since it surfaced in 2012. Backdoor.Misdat was mainly observed back in 2011 when it was used to target organizations in locations such as the United States and Japan, but it has not been observed in recent attacks.
 
The tactic has shifted from consistently using Backdoor.Vidgrab as the payload during the failed exploit attempts to now using a variety of back doors for the successful exploits. We have also observed that the targeted audience has been expanded to include a larger pool of organizations. This may signify that the attackers are now performing real, meaningful attacks on their prey by exploiting the Ichitaro vulnerability, as opposed to running a testing operation to confirm whether the exploitation has succeeded or failed. It could perhaps be an indication that the attackers have started sharing with other attackers a tool kit that puts together attacks exploiting Ichitaro. Whatever the case may be, we are observing an increase in attacks exploiting this vulnerability, and Ichitaro users should be wary of these attacks.
 
The discovery of multiple attacks that successfully exploit the vulnerability shouldn’t be a huge concern to Ichitaro users though. A patch for the flaw has already been released and is available to download. If customers have not applied the fix yet, we urge them to take the time now to do so. Symantec detects the malicious rich text files described in this blog as Trojan.Mdropper.

Exchange 2013 Cumulative Update 3 and Enterprise Vault


I just spotted that Exchange 2013 Cumulative Update 3 was released by the Exchange team at Microsoft. It's a huge 1.5 GB in size. It's great to see updates coming out so quickly; it means that problems are being addressed in nice, quick order.

Before launching the installer and updating your Exchange 2013 environment, though, take a moment to consider the Enterprise Vault Compatibility Charts. They only go as far as Exchange 2013 Cumulative Update 2. So, in short, until the charts are updated, don't update Exchange. You might break something in Enterprise Vault, and Symantec will not 'guarantee' that it can be fixed until they have certified the Cumulative Update.

References:

http://www.symantec.com/DOCS/DOC6602

http://www.symantec.com/DOCS/TECH38537

 

Oct 2013: Most Popular Content in the Storage and Clustering Community


Here is October 2013's Most Popular Content in the Storage and Clustering community:

Top Viewed Content

http://www.symantec.com/connect/videos/vcs-application-failover-within-vmware-virtual-machines
http://www.symantec.com/connect/forums/veritas-disk-group-disabled
http://www.symantec.com/connect/forums/how-check-vcs-version-and-update
http://www.symantec.com/connect/forums/sfha-solutions-601-using-veritas-cluster-server-simulator
http://www.symantec.com/connect/forums/how-find-lun-size-veritas-commands
http://www.symantec.com/connect/forums/remove-lun-solaris-10
http://www.symantec.com/connect/storage-management/downloads
http://www.symantec.com/connect/forums/how-delete-volume-veritas
http://www.symantec.com/connect/blogs/new-release-announcing-symantec-disaster-recovery-advisor-62
http://www.symantec.com/connect/forums/veritas-cluster-steps-beginner
http://www.symantec.com/connect/forums/veritas-cluster-manager-java-console-512
http://www.symantec.com/connect/forums/new-disk-error-vxdisk-list
http://www.symantec.com/connect/forums/veritas-cluster-server-heartbeat-link-down-jeapordy-state
http://www.symantec.com/connect/forums/dd-command-untility-available-windows
http://www.symantec.com/connect/forums/hba-checking-commands

 

 

 


Backup Exec 2012 R2 update – news about Windows Server 2012 R2 support and target GA


 By way of introduction, my name is Brian Greene and I lead the product management team for Backup Exec. In late October, we posted an update about Backup Exec 2012 R2 and promised you more details as they became available. In the spirit of keeping an open dialog, I wanted to get back to you and share the latest information: 

  1. Windows Server 2012 R2 support: Backup Exec 2012 R2 will include agent and media server support for Windows Server 2012 R2. This is a significant undertaking by our engineering team, but we are committed to delivering timely support. I know that many of you are asking for this support now, and we are doing everything we can to get to where you want us to be. I know many of you are frustrated and I apologize; please know that our #1 priority is to deliver timely platform support. We have put a structure in place to solve this issue so that we can return to being the first to offer support for new platforms.  Please reference item 3 below for more details.
  2. Backup Exec 2012 R2 timing: We are targeting general availability (GA) between late in the 2nd quarter and early in the 3rd quarter of 2014 (calendar year).  We have achieved our feature code complete milestone and are quickly approaching our Beta 1 milestone.  Please reference item 4 below on how to sign up for the Beta.  In addition, we will continue to provide updates to you via Connect.
  3. VMware vSphere 5.5 support: Backup Exec 2012 Service Pack 3 is now available for download and includes support for VMware vSphere 5.5.  The release of this support, within 60 days of VMware’s GA, is an example of a new process we are implementing that allows us to leverage service pack releases to deliver more timely platform support to you.  We will continue to look for opportunities that meet specific scope criteria to add platform support via regular service pack releases.
  4. Backup Exec 2012 R2 Beta registration: If you have already registered for the Beta, thank you! If you haven’t had a chance yet, I encourage you to register here.  The Beta program is open to partners, existing Backup Exec customers and anyone that is interested in testing out the next release of Backup Exec.  This program is a unique opportunity to see what you can expect in Backup Exec 2012 R2 and also provide our product team with invaluable feedback.  We expect the Beta to become available for download in early 2014 (read the original post about the Beta here).

Thank you for your continued support of and loyalty to Backup Exec.  We are committed to getting the product to where you want and expect it to be.

 

Fake Antivirus Software Update Notifications Spread Malware


Fake AV 1 edit.png

Contributor: Joseph Graziano

A new social engineering spam technique is in circulation that cleverly tries to trick users into running malware on their computers. This time, the malware authors disguise the email as coming from an antivirus software company. The message explains that end users need to install an important system update themselves and carries an attachment posing as a patch for the antivirus software. The email plays on users' fear that detection definitions may not yet exist for new threats that have recently made headlines, such as the Cryptolocker Trojan. This type of social engineering is designed to lead users into opening the attachment and installing the malware posing as a patch without thinking carefully about what is actually being installed.

Symantec has seen a wide range of subject lines in these emails, some of which use the names of well-known security companies.

  • AntiVir Desktop: Important System Update - requires immediate action
  • Avast Antivirus: Important System Update - requires immediate action
  • AVG Anti-Virus Free Edition: Important System Update - requires immediate action
  • Avira Desktop: Important System Update - requires immediate action
  • Baidu Antivirus: Important System Update - requires immediate action
  • Cloud Antivirus Firewall: Important System Update - requires immediate action
  • ESET NOD32 Antivirus: Important System Update - requires immediate action
  • Kaspersky Anti-Virus: Important System Update - requires immediate action
  • McAfee Personal Firewall: Important System Update - requires immediate action
  • Norton AntiVirus: Important System Update - requires immediate action
  • Norton Internet Security: Important System Update - requires immediate action
  • Norton 360: Important System Update - requires immediate action
  • Symantec Endpoint Protection: Important System Update - requires immediate action
  • Trend Micro Titanium Internet Security: Important System Update - requires immediate action

Although the subject lines vary, the attached zip file always contains a malicious executable.

When the malware is executed, it connects to networksecurityx.hopto.org and downloads another file. The malware uses a process named ozybe.exe to carry out its tasks.
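The traits described above (a fixed subject template, a zip attachment holding an executable, one hostname and one process name) can be turned into a simple mail and log triage check. The following is an added example, not code from the original post or from Symantec; the function names, the list of executable extensions, and the sample messages and log lines are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject template shared by every lure listed in the post:
# "<product name>: Important System Update - requires immediate action"
SUBJECT_RE = re.compile(
    r"^.{1,80}: Important System Update - requires immediate action\s*$",
    re.IGNORECASE,
)
# Extensions treated as executable (an assumption of this example).
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")
# Indicators named in the post.
IOC_HOST = "networksecurityx.hopto.org"
IOC_PROCESS = "ozybe.exe"


def executables_in_zip(data):
    """Return the names of executable members inside a zip attachment."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            return [name for name in archive.namelist()
                    if name.lower().endswith(EXECUTABLE_EXTS)]
    except zipfile.BadZipFile:
        return []  # not a readable zip; nothing to report


def triage_message(raw):
    """Flag a message that has both the lure subject and a zipped executable."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    dropped = []
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(".zip"):
            dropped += executables_in_zip(part.get_payload(decode=True) or b"")
    subject_match = bool(SUBJECT_RE.match(subject))
    return {
        "subject_match": subject_match,
        "zipped_executables": dropped,
        "quarantine": subject_match and bool(dropped),
    }


def ioc_hits(log_lines):
    """Return log lines that mention the hostname or process from the post."""
    return [line for line in log_lines
            if IOC_HOST in line.lower() or IOC_PROCESS in line.lower()]


def build_sample(subject, attachment_name=None, member_name=None):
    """Build a constructed test message; the zip member holds placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "updates@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Please install the attached update.")
    if attachment_name:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as archive:
            archive.writestr(member_name, b"placeholder, not a real binary")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="zip", filename=attachment_name)
    return msg.as_bytes()


# Constructed log lines (not real telemetry).
SAMPLE_LOGS = [
    "2013-11-28T09:14:02Z dns query host=WS-0142 name=networksecurityx.hopto.org",
    "2013-11-28T09:14:05Z proc start host=WS-0142 image=ozybe.exe",
    "2013-11-28T09:15:11Z dns query host=WS-0077 name=www.example.invalid",
]

if __name__ == "__main__":
    lure = build_sample(
        "Norton AntiVirus: Important System Update - requires immediate action",
        "patch.zip", "patch.exe")
    print(triage_message(lure))
    print(ioc_hits(SAMPLE_LOGS))
```

Requiring both the subject template and a zipped executable keeps a legitimate vendor notice without an attachment out of quarantine while still recording the subject match for review.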

 

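Protection and basic security measures (best practices)

These and similar emails are blocked by the Skeptic scanner in Symantec Email Security.cloud before they reach end users. Symantec also detects the files associated with this attack under the following detection names.

To avoid becoming a victim of social engineering spam attacks, we recommend following these basic security measures (best practices):

  • Do not click on suspicious links in email messages.
  • Do not open attachments in emails sent by people you do not know.
  • Do not provide personal information when replying to an email.
  • Use comprehensive security software, such as Norton Internet Security or Norton 360, that protects against phishing and social networking scams.
  • Do not carelessly click on links sent by email or posted on social networks, however enticing they may be.

 

* To subscribe to the RSS feed of the Japanese-language Security Response blog, go to http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.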

Attacks Successfully Exploiting the Ichitaro Vulnerability Confirmed

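Symantec previously reported in a blog on a new Ichitaro zero-day vulnerability known as the Multiple Ichitaro Products Unspecified Remote Code Execution Vulnerability (CVE-2013-5990). At that time, the vulnerability was confirmed as being actively exploited, but the exploit did not work properly and no computers were actually compromised. A week later, Symantec confirmed, in multiple incidents, exploit code that works as the attackers intended. This exploit code is able to actually compromise targeted computers using a back door commonly used in targeted attacks. As in the previous attacks, the file used to exploit the vulnerability is in rich text format and targets Ichitaro, the word processing software developed by Justsystems.

In the earlier attacks, where exploitation failed, a variant of Backdoor.Vidgrab and shell code were embedded in the malicious documents. For those samples, the shell code was unable to drop the back door in Symantec's testing environment. The latest malicious document files contain shell code that drops various malware detected as Backdoor.Korplug, Backdoor.Misdat, and Trojan Horse. All of these are back door Trojans familiar from targeted attacks. Backdoor.Korplug has been used frequently in targeted attacks since it appeared in 2012. Backdoor.Misdat was mainly observed in 2011, when organizations based in the United States and Japan were targeted, but it has not been used much in recent attacks.

While the attackers kept using Backdoor.Vidgrab as the payload, their exploit attempts failed; they have since changed tactics, now use a variety of back doors, and are exploiting the vulnerability successfully. Symantec has also confirmed that the set of targets has widened and that more organizations are now being targeted. This suggests that the attackers have finished the stage of running test operations to check whether exploitation succeeds and have moved on to launching damaging attacks that exploit the Ichitaro vulnerability. It is also possible that they have begun sharing with other attackers a toolkit for launching attacks that exploit the Ichitaro vulnerability. In any case, attacks exploiting this vulnerability are certainly increasing, and Ichitaro users need to be wary of them.

However, even though multiple attacks that successfully exploit the vulnerability have been found, Ichitaro users do not need to be alarmed. A patch for the vulnerability has already been released and is available for download. If you have not yet applied the patch, apply it immediately. Symantec detects the malicious rich text files described in this blog as Trojan.Mdropper.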
 
 

Blackshades RAT Activity Continues to Rise After Author's Arrest

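In July 2012, it was reported that a key figure involved with Blackshades RAT, a well-known remote access tool (RAT), had been arrested. Despite the arrest of the main suspect, and despite its code having been leaked in 2010, Blackshades RAT is still being sold and used in cybercrime. In fact, Symantec Security Response has even observed an increase in the use of Blackshades RAT over the past five months.

Blackshades RAT (detected by Symantec products as W32.Shadesrat) collects account credentials such as passwords from compromised systems and sends them to a malicious command-and-control (C&C) server. In light of the recent increase, we investigated the C&C servers managing this infection activity and found a connection with the Cool exploit kit. The Cool exploit kit is being used to spread W32.Shadesrat and other malware families.

Shadesrat and Cool Exploit 1.png
Figure 1. Shadesrat trend since July 2013

Over the past few years there has been a visible increase in attacks on Web servers that exploit recently discovered vulnerabilities to target industry, think tanks, government agencies, and ordinary users. In every case the attackers' goal is very clear: to run a malicious payload on the user's computer. To do this, attackers use various exploit kits.

While investigating the rise in W32.Shadesrat infections, Symantec identified hundreds of C&C servers being used to collect credentials from infected computers. W32.Shadesrat targets credentials for a variety of accounts, including email services, Web services, instant messaging applications, and FTP clients. This is the kind of information sought both by spammers looking for new email account credentials and by attackers who keep attempting compromises to gain access to new servers and services or to extract specific information.

According to Symantec's research, almost all of the C&C servers have hosted an exploit kit at some point, and until the author of the Blackhole and Cool exploit kits was arrested, the latter was the most prevalent. These kits exploit various vulnerabilities on users' computers and attempt infection by running a malicious payload. Underground groups have a wide range of resources, enough to carry out such attacks.

Shadesrat and Cool Exploit 2.png
Figure 2. Exploit kits used on the C&C servers between September and October, before the author's arrest

We also observed that after the author of the Blackhole and Cool exploit kits was arrested, these two exploit kits almost disappeared and Neutrino emerged as the new choice.

Shadesrat and Cool Exploit 3.png
Figure 3. Exploit kits used on the C&C servers between October and November, after the author's arrest

Once an unsuspecting user is infected, multiple payloads are downloaded, and either control is taken over by the RAT or a downloader installs follow-on malware with other capabilities.

The C&C servers also spread other malware, as shown below.

Shadesrat and Cool Exploit 4.png
Figure 4. Threats spread by the C&C servers between September and October

Using its telemetry systems, Symantec identified the locations of the C&C servers and the countries and regions with the most W32.Shadesrat infections.

Shadesrat and Cool Exploit 5.png
Figure 5. Locations of the C&C servers

Shadesrat and Cool Exploit 6.png
Figure 6. W32.Shadesrat infections

The largest numbers of C&C server hosts were located in Lithuania and the United States. India has the highest number of infections, followed by the United States and the United Kingdom, but W32.Shadesrat is affecting victims worldwide.

Judging from the distribution of W32.Shadesrat infections, the attackers appear to be trying to infect as many computers as possible. There is no sign that they are targeting specific users or companies.

All of this points to the sophistication of W32.Shadesrat and the abundance of resources available to the attackers. Keep your software up to date at all times, and update your antivirus solution to the latest definitions as well.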
 
 

Cyber Monday Shoppers and Retailers Beware of Scams and Attacks

Contributor: Vivek Krishnamurthi
cyber_monday_graphic.png
 
December 2, 2013 marks Cyber Monday, the day when Internet retailers expect to experience a major surge in traffic thanks to people shopping online for the holiday season. The concept of Cyber Monday, or Mega Monday as it’s known in Europe, was introduced back in 2005. It takes place after the Thanksgiving holiday weekend, when people return to the office and buy Christmas presents from their work computers, according to retailers. Some dismissed Cyber Monday as marketing hype but over time, the day has grown in significance, thanks to competitive deals on offer from many major retailers. In 2012, the 500 biggest retailers in the US took more than US$206.8 million on Cyber Monday while in Europe, approximately €565 million was spent on this day. This year, experts believe that Cyber Monday sales will grow by 13.1 percent as consumers increasingly move from buying presents in bricks-and-mortar stores to shopping online.
 
However, considering the hype surrounding Cyber Monday and the expected traffic on ecommerce sites on this date, there could be a chance that attackers will take advantage of the day to target both consumers and retailers. According to a recent study from RSA Security and the Ponemon Institute, 64 percent of retail-focused IT professionals have seen an increase in attacks and fraud attempts during high traffic days such as Cyber Monday. But just one third of these IT professionals take special precautions to ensure high availability and integrity of websites on these days. Worse still, the estimated direct cost of a cyberattack around the holiday season is believed to be US$8,000 a minute. 
 
Attacks against retailers
There are several ways that attackers could target retailers and consumers during Cyber Monday. Identity theft is one possible threat and it has plagued many stores and customers in recent years. The increased traffic on Cyber Monday could entice attackers to target vulnerabilities in retailers’ infrastructure in order to plant malware that could steal consumers’ information. Our recent research found that 53 percent of the websites scanned by Symantec contained unpatched and potentially exploitable vulnerabilities.
 
Another possible threat to businesses on Cyber Monday could be distributed denial-of-service (DDoS) attacks. Many retailers have already experienced the effects of such attacks. In 2012, among the UK firms that were hit with DDoS attacks, 43 percent were in the retail sector. Cyber Monday could prove to be an attractive date for attackers targeting retailers with DDoS attacks. Attackers have been known to undertake DDoS attacks on dates of significance, as they are aware that their efforts will get noticed if they attack on high traffic days such as Cyber Monday. Attackers could also use DDoS attacks to distract Web administrators from other malicious activities that they could be carrying out elsewhere. DDoS attacks have been occurring more frequently, as there has been a reported 54 percent increase in attacks in the second quarter of the year. 
 
End users
Of course, retailers aren’t the only ones who should protect themselves this Cyber Monday. Consumers should also make sure that they shop safely online. This year, analysts expect that more consumers than ever will be searching for deals through their mobile device. Marketing research firm eMarketer believes that mobile commerce will generate US$41.68 billion of the total US$262.3 billion in ecommerce sales for the year, representing a 68.2 percent increase in mobile commerce sales from 2012. However, the recent 2013 Norton report showed that while 38 percent of smartphone users experienced mobile cybercrime in the past 12 months, almost half of mobile device owners didn’t implement basic protections such as passwords, security software or data backups. Even though some consumers may opt to shop on their mobile device rather than their computer, they could still be vulnerable to the threat of cybercrime.
 
Scammers will still be relying on more well-established techniques to target both businesses and consumers this Cyber Monday. Symantec has found a recent spam campaign that tells the email’s recipient that they need to prepare for Cyber Monday if they want to make money from it. The email also includes two links claiming to offer advice on how to take advantage of the day. These links redirect users to a spam Web page that includes a video to trick users into thinking the page is genuine.
 
CyberMonday_edit2.png
Figure. Spam email claiming that the message’s recipient can make money from Cyber Monday
 
Stay protected
Consumers and retailers should heed the following advice to stay safe this Cyber Monday.
 
  • Web administrators should ensure that any potential infrastructure vulnerabilities are plugged before Cyber Monday in order to prevent attackers from taking advantage of these flaws. They should also monitor network traffic for any suspicious activity.
  • Retailers should ensure that their employees are trained to understand the risks associated with social engineering attacks that are designed to breach their companies’ systems, which could affect consumers. Similarly, other companies should also train their staff to be aware of phishing scams around this day, in case employees decide to shop online from their work computers. 
  • Consumers should use the latest version of their Internet browsers to shop online and should ensure that their software, including antivirus software, is up-to-date. Symantec offers consumers the latest Norton solutions for both computers and mobile devices.
  • Customers should only purchase goods through reputable online retailers and should check if the website that they’re shopping on is secured through Secure Sockets Layer (SSL). They can tell if the site is secured in this way if the URL includes “https” rather than just “http”. Consumers should avoid inputting financial information on sites without this protection.
  • Users should always avoid clicking on links in unsolicited emails, especially if they offer deals that seem too good to be true. They should always check legitimate retailers’ official websites to see what deals are on offer. Users should also never send sensitive financial information through email.
  • Consumers should monitor their bank or credit card activity over the holiday season and report any suspicious purchases or unauthorized money transfers. 

Enterprise Vault backups and BackupModeRefCount


Much of the work and thinking behind this post comes from Jochen Koecher; I've just done the leg work of taking screenshots and writing things down in a slightly different format. This blog post discusses a lesser-known field in the Enterprise Vault Directory Database called BackupModeRefCount. When you put a Vault Store into and out of backup mode, this field is used to keep track, as a counter of sorts.

So to get to the nuts and bolts of this ...

set-vaultstorebackupmode lots evsql VaultStore

This puts my Vault Store called lots into backup mode. You can see this in SQL:

2013-11-26_13h28_30.png

If I do the same command again, you can see the reference count has gone up:
 
2013-11-26_13h28_47.png
 
Now if I clear backup mode, using the command: clear-vaultstorebackupmode lots evsql VaultStore, the reference count goes down:
 
2013-11-26_13h29_21.png
 

... which, whilst 'good', still leaves the Vault Store in backup mode (because the count is still greater than zero).

Of course, here I've forced the situation, but when the PowerShell scripts run as part of scheduled backup routines in the evening or overnight, it is always possible that a job fails part way through. The script then runs again the following night, and the next morning the Vault Stores (or some of them) are still in backup mode.

There is a way out of this. There is an additional parameter (well two) that can be passed through PowerShell, as we see here:

PS C:\Program Files (x86)\Enterprise Vault> clear-vaultstorebackupmode lots evsql vaultstore -forceclearbackupmode 1
You are about to clear backup mode from vault store 'lots'. Ensure that the
vault store and its partitions are not currently being backed up.
Do you want to continue?
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): Y

.. that isn't too great for scripts though since it prompts you to confirm that you want to forcibly clear backup mode. And the final thing is to suppress that prompt:

PS C:\Program Files (x86)\Enterprise Vault> clear-vaultstorebackupmode lots evsql vaultstore -forceclearbackupmode 1 -SuppressConfirm
Successfully cleared backup mode from vault store 'lots'.

And then we're back to zero, instantly:

2013-11-26_13h30_19.png

 

.. and that means the Vault Store is no longer in backup mode

Patch Trending SiteBuilder version 15 is out now!


I have just released version 15 of the Patch Trending Site Builder. Here is the change log:

Release 15

This release contains a major code fix, a minor code fix, two important new features and a minor CLI change:

  • Code fix (1): Modified the getbulletin.html page to ensure it loads charts properly under various Internet Explorer versions (tested on Version 8, 9 and 10)
  • Code fix (2): Modified getbulletin.html to verify whether trending data exists or not for the requested entry. If not the message 'No data is available...' is displayed.
  • Feature (1): Added command line option /write-all to prevent the following static pages from being over-written with each site builder invocation (i.e. they will only be overwritten if you invoke 'sitebuilder.exe /write-all'):

    • inactive-computers.html
    • compliance-by-computer.html
    • getbulletin.html
    • webpart-fullview.html
    • menu.css
    • help.html
    • javascript/helper.js

    You will notice that this feature includes menu.css. This allows you to customise the look and feel of the site without losing your work between executions. The same is true for the html pages: you can now customise them further without the risk of losing your changes.

  • Feature (2): Added a new html page named 'webpart-fullview.html'. This page is a copy of getbulletin.html without the site navigation. It is designed to be used inside the SMP console right-click actions inside a virtual window.
  • CLI change: Added a standard message to display all valid options when invoking the executable with the help parameter (/? or --help)

And here is the command line help message:

Welcome to the Patch Trending SiteBuilder. Here are the currently supported
command line arguments:

    /install

        This command line installs the pre-requisite stored procedures to the
        Symantec CMDB and terminates.

    /write-all

        This command line will prevent static html and css  files from being
        written to disk. This allows you to customise the site look and feel
        to better suit your needs.

    /?

        This command line prints out this help message and terminates.
 

Upgrading from Patch Trending SiteBuilder v14 to v15


As you may have noticed, we have a new version of the Patch Trending Site Builder executable and package.

The package contains everything you need for a fresh installation. But what do you need to do if you want to benefit from the changes in v15 without re-installing?

Here's a quick guide.

Part I: update the page getbulletin.html

Because version 15 introduces the /write-all option, it will not over-write existing files. However, there is only 1 file that really needs to be updated: getbulletin.html, which is the page used to display the range-filter charts for the 'Compliance in %' and 'Installed versus Applicable' data.

So in order to get the page updated you have 3 options:

  • Run "site-builder /write-all" at least once after the v15 upgrade
  • Delete the file getbulletin.html before running the site builder; the latest version will then be written to disk
  • Extract the update package attached here and copy the html file to the PatchTrending directory

Part II: import the Right-click action

In the install package for version 15 we have added a new item: "Patch Compliance trends.xml". This item provides right-click access to the bulletin compliance trend charts when Software Bulletin items are displayed on the console.

To import the right-click action, unpack the update file attached here and navigate to the Management Console Right Click Menu folder (Settings > All Settings > Notification Server > Right Click Menu).

Right-click on the folder and select import. Navigate to the unpacked files and select "Patch Compliance trends.xml". Once the item is loaded on the console, modify the url if you have not installed Patch Trending on the default web location ('/Altiris/NS/PatchTrending').

You can now navigate to Software Bulletin reports and right-click on rows to access the compliance trend charts.

Linux Worm Targeting Hidden Devices


Symantec has discovered a new Linux worm that appears to be engineered to target the “Internet of things”. The worm is capable of attacking a range of small, Internet-enabled devices in addition to traditional computers. Variants exist for chip architectures usually found in devices such as home routers, set-top boxes and security cameras. Although no attacks against these devices have been found in the wild, many users may not realize they are at risk, since they are unaware they own devices that run Linux.

The worm, Linux.Darlloz, exploits a PHP vulnerability to propagate itself in the wild. The worm utilizes the PHP 'php-cgi' Information Disclosure Vulnerability (CVE-2012-1823), which is an old vulnerability that was patched in May 2012. The attacker recently created the worm based on the Proof of Concept (PoC) code released in late Oct 2013.

Upon execution, the worm generates IP addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability. If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target. Currently, the worm seems to infect only Intel x86 systems, because the downloaded URL in the exploit code is hard-coded to the ELF binary for Intel architectures.

Linux is the best known open source operating system and has been ported to various architectures. Linux not only runs on Intel-based computers, but also on small devices with different CPUs, such as home routers, set-top boxes, security cameras, and even industrial control systems. Some of these devices provide a Web-based user interface for settings or monitoring, such as Apache Web servers and PHP servers.

We have also verified that the attacker already hosts some variants for other architectures including ARM, PPC, MIPS and MIPSEL on the same server.

ARM_0.png

Figure: The “e_machine” value in ELF header indicates the worm is for ARM architecture.

These architectures are mostly used in the kinds of devices described above. The attacker is apparently trying to maximize the infection opportunity by expanding coverage to any devices running on Linux. However, we have not confirmed attacks against non-PC devices yet.
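When triaging an unknown ELF file, the architecture check shown in the figure can be done by reading two identification bytes and the e_machine field. The following is an added example, not Symantec's tooling; the function names and the sample headers are constructed for illustration, and the e_machine codes are the standard ELF values.

```python
import struct

# e_machine codes from the ELF specification for the architectures named above.
E_MACHINE = {3: "x86", 8: "MIPS", 20: "PPC", 40: "ARM", 62: "x86-64"}
EI_CLASS = {1: "32-bit", 2: "64-bit"}
EI_DATA = {1: ("<", "little-endian"), 2: (">", "big-endian")}


def elf_architecture(header: bytes) -> str:
    """Describe the target CPU of an ELF file from its first 20 bytes."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF header")
    try:
        bits = EI_CLASS[header[4]]
        fmt, endian = EI_DATA[header[5]]
    except KeyError:
        raise ValueError("invalid EI_CLASS or EI_DATA byte") from None
    # e_machine is a 16-bit field at offset 18, stored in the file's own
    # byte order; reading it with the wrong order gives a bogus code.
    (e_machine,) = struct.unpack_from(fmt + "H", header, 18)
    arch = E_MACHINE.get(e_machine, f"unknown e_machine {e_machine}")
    if e_machine == 8 and endian == "little-endian":
        arch = "MIPSEL"  # same e_machine as MIPS; only the byte order differs
    return f"{arch}, {bits}, {endian}"


def sample_header(ei_class: int, ei_data: int, e_machine: int) -> bytes:
    """Build a constructed 20-byte ELF header prefix for the demonstration."""
    ident = b"\x7fELF" + bytes([ei_class, ei_data, 1]) + bytes(9)
    fmt = "<" if ei_data == 1 else ">"
    return ident + struct.pack(fmt + "HH", 2, e_machine)  # e_type 2 = executable


if __name__ == "__main__":
    # x86, ARM, PPC, MIPS (big-endian) and MIPSEL (little-endian) samples
    for args in [(1, 1, 3), (1, 1, 40), (1, 2, 20), (1, 2, 8), (1, 1, 8)]:
        print(elf_architecture(sample_header(*args)))
```

For a file on disk, pass the first 20 bytes read in binary mode to elf_architecture.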

Vendors of devices with hidden operating systems and software, who have configured their products without asking users, have complicated matters. Many users may not be aware that they are using vulnerable devices in their homes or offices. Another issue we could face is that even if users notice vulnerable devices, no updates have been provided to some products by the vendor, because of outdated technology or hardware limitations, such as not having enough memory or a CPU that is too slow to support new versions of the software.

To protect from infection by the worm, Symantec recommends users take the following steps:

  1. Verify all devices connected to the network
  2. Update their software to the latest version
  3. Update their security software when it is made available on their devices
  4. Make device passwords stronger
  5. Block incoming HTTP POST requests to the following paths at the gateway or on each device if not required:

    • /cgi-bin/php
    • /cgi-bin/php5
    • /cgi-bin/php-cgi
    • /cgi-bin/php.cgi
    • /cgi-bin/php4
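To see whether such requests are already arriving, and whether the block in step 5 is effective, a web server access log can be checked for POSTs to the listed paths. This is an added example, not part of Symantec's advisory; it assumes the Apache/nginx "combined" log format, and the function names and sample log lines are constructed.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# The five paths from the mitigation list above.
PHP_CGI_PATHS = {"/cgi-bin/php", "/cgi-bin/php5", "/cgi-bin/php-cgi",
                 "/cgi-bin/php.cgi", "/cgi-bin/php4"}

# Combined format: client ident user [time] "METHOD target proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [27/Nov/2013:03:12:01 +0000] "POST /cgi-bin/php HTTP/1.1" 404 209 "-" "-"',
    '198.51.100.7 - - [27/Nov/2013:03:12:02 +0000] "POST /cgi-bin/php5?a=1 HTTP/1.1" 404 209 "-" "-"',
    '203.0.113.9 - - [27/Nov/2013:04:40:10 +0000] "POST /cgi-bin//%70hp-cgi HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.15 - - [27/Nov/2013:05:00:00 +0000] "GET /cgi-bin/php4 HTTP/1.1" 404 209 "-" "-"',
    '192.0.2.15 - - [27/Nov/2013:05:00:05 +0000] "POST /cart/checkout HTTP/1.1" 200 1024 "-" "-"',
]


def normalize(target: str) -> str:
    """Drop the query string, decode %xx and collapse // and ./ segments."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/"))


def find_php_cgi_posts(lines):
    """Return {client: [(path, status), ...]} for POSTs to the listed paths."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        client, method, target, status = m.groups()
        path = normalize(target)
        if method.upper() == "POST" and path in PHP_CGI_PATHS:
            hits[client].append((path, int(status)))
    return dict(hits)


def served(hits):
    """Clients that got a 2xx/3xx answer: the path exists and is not blocked."""
    return sorted(c for c, seen in hits.items() if any(s < 400 for _, s in seen))


if __name__ == "__main__":
    found = find_php_cgi_posts(SAMPLE_LOG)
    for client, seen in found.items():
        print(client, seen)
    print("served despite the recommended block:", served(found))
```

Any client returned by served() means the device answered the POST, so the path should be blocked or the PHP installation patched.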

trial of the NetBackup PureDisk Virtual Appliance


Hi All,

 

Please help me to download a trial of the NetBackup PureDisk Virtual Appliance.

If anyone knows the link, kindly share it with me.

 

madan,

A Winky Face Emoticon Is Not Enough: Man Fined for Facebook Comment


In Switzerland, a judge sentenced a young man to pay a fine for a comment he made on a social network. According to news reports, he felt he didn’t receive a sufficient number of birthday congratulations from his 290 friends on the social network. He posted a comment that roughly translates to, “Is no one happy about my birthday? (…) I am going to destroy you all, you will regret it, now no one can protect you… pow pow pow.” He later explained that it was obviously meant as a sarcastic comment and not intended as a death threat. The judge did not see the humor in the comment and sentenced him to pay a fine.

This is just the most recent case of many alleged fake threats that have been posted this year. Others have received much higher penalties, like a teenager in Texas who spent five months in prison after posting “an alleged threat on Facebook.” Comments that can be perceived as threats can quickly generate a costly response from local authorities.   

Remember that a winky face emoticon is not enough to show that you are joking—law enforcement does not view threats as jokes and they are not treated as such. It’s wise to think twice about what you post on your social network, including both pictures and comments.

Content on social networks can spread very quickly. For example, earlier this year, another hoax chain mail made its way around a popular smartphone application. There were multiple versions of the hoax and one of the messages was a computer-generated voice that said, “Send this message in the next 20 minutes to 20 friends or you will be dead by tomorrow.” Hopefully, this was viewed as an obvious hoax and simply ignored and deleted by any who received the message. However, this instant messaging service is very popular among teenagers. Many students were frightened and forwarded the message in fear of the threat. In Germany, the hoax took off like wildfire and reached enough under-age individuals that the police started to warn people about the hoax message.

It is important to think about the consequences of anything that is posted online. Keep in mind that an off-color joke can be perceived as an actual threat. If you have doubts about what to post, it may be better to err on the side of caution (or post a cute kitten picture) – or better yet, hold off on posting anything questionable at all.

Consumers and Retailers Should Beware of Scams and Attacks Ahead of Cyber Monday

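Contributor: Vivek Krishnamurthi
cyber_monday_graphic.png

December 2, 2013 is Cyber Monday. Also known as Mega Monday in Europe, it is a day when Internet retailers see a surge in traffic as the number of holiday-season online shoppers grows. The idea of Cyber Monday began in 2005. According to the retail industry, on the Monday immediately after Thanksgiving, people who have returned to work buy Christmas presents from their workplace computers. Some dismiss Cyber Monday as nothing more than marketing hype, but as many major retailers have competed over it, the day has become too significant to ignore. On Cyber Monday 2012, the top 500 retailers in the US took in US$206.8 million, and about €565 million was spent in Europe. This year, experts predict that even more consumers will move from brick-and-mortar stores to online stores and that Cyber Monday sales will grow by 13.1 percent.

Meanwhile, given the hype around Cyber Monday and the traffic expected on ecommerce sites that day, attackers may exploit Cyber Monday to target both consumers and retailers. According to a recent study by RSA Security and the Ponemon Institute, 64 percent of IT professionals in the retail industry have seen attacks and fraud increase on high-traffic days such as Cyber Monday. Despite this, one third of those IT professionals take no special measures to ensure high availability and website integrity. Moreover, the direct cost of cyberattacks during the holiday season is said to be as much as US$8,000 per minute.

Attacks against retailers
There are several ways attackers can target retailers and consumers on Cyber Monday. Identity theft is a leading threat and has harmed many stores and consumers over the past few years. Given the increase in traffic on Cyber Monday, the number of attackers who target vulnerabilities in retailers' infrastructure in order to plant malware that steals consumers' information may rise accordingly. Symantec's research found that 53 percent of the websites scanned by Symantec had unpatched vulnerabilities that could be exploited.

Distributed denial-of-service (DDoS) attacks are another threat that could target businesses on Cyber Monday. Many retailers have already experienced the effects of DDoS attacks, and 43 percent of the UK companies hit by DDoS attacks in 2012 were retailers. Cyber Monday looks like an ideal day for attackers to launch DDoS attacks on retailers. Attackers are known to launch DDoS attacks on significant dates, because they know their actions will attract attention on high-traffic days such as Cyber Monday. Attackers may also use a DDoS attack to distract Web administrators while they carry out other malicious activity behind the scenes. The rising frequency of DDoS attacks is clear from a report that attacks increased by 54 percent in the second quarter of this year.

End users
Of course, retailers aren't the only ones who need to think about protection ahead of Cyber Monday. Consumers also need to pay attention to shopping safely online. This year, analysts expect that more consumers will search for products through mobile devices. According to marketing research firm eMarketer, mobile commerce will account for US$41.68 billion of this year's total US$262.3 billion in ecommerce sales, a 68.2 percent increase over 2012. However, the recent 2013 Norton report showed that while 38 percent of smartphone users experienced mobile cybercrime in the past 12 months, about half of mobile device owners have not implemented even basic protections such as passwords, security software or data backups. Some consumers may prefer to shop online on their mobile device rather than their PC, but they remain exposed to the threat of cybercrime.

Whether scammers target businesses or consumers on Cyber Monday, they will rely on conventional, well-established techniques. Symantec has recently observed a spam campaign that lures users by telling them that they need to prepare for Cyber Monday if they want to make money from it. The email includes two links that claim to offer advice on how to do so. Clicking these links redirects the user to a spam Web page, which includes a video intended to make users believe the site is legitimate.

CyberMonday_edit2.png
Figure. Spam email claiming that the message's recipient can make money from Cyber Monday

Stay protected
Consumers and retailers should follow the advice below to stay safe this Cyber Monday.

  • Web administrators should confirm that all infrastructure vulnerabilities are fixed before Cyber Monday so that attackers cannot exploit them. They should also keep monitoring network traffic for suspicious activity.
  • Retailers need to train their employees to understand the risks associated with social engineering attacks that aim to break into their systems. Such attacks could also affect consumers. Similarly, companies outside the retail sector should train their employees to watch out for phishing scams around Cyber Monday, in case employees shop online from their work computers.
  • Consumers should use the latest version of their browser for online shopping and keep all of their software, including antivirus software, up to date. Symantec offers the latest Norton products for PCs and mobile devices.
  • Consumers should purchase goods only from trusted online shops and should check that the website they are shopping on is protected by Secure Sockets Layer (SSL). A protected site can be recognized because its URL includes "https" rather than "http". Do not enter financial information on sites that are not protected.
  • Never click on links in unsolicited emails. Particular care is needed when they advertise deals that seem too good to be true. Checking legitimate retailers' official websites will show what deals are on offer. Sending sensitive financial information by email must also be avoided.
  • Consumers should monitor their bank account and credit card activity during the holiday season and immediately report any suspicious purchases or unauthorized money transfers.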

 

* To subscribe to the RSS feed of the Japanese-language Security Response blog, visit http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.
